Merge branch 'master' into version-versions

2020-06-15 13:56:33 -04:00 · 2020-06-15 13:56:33 -04:00 · 34e1c9de2f
parent 760c32c4ac 9236eb286f
commit 34e1c9de2f
4 changed files with 19 additions and 6 deletions
--- a/main/main.go
+++ b/main/main.go
@ -45,7 +45,10 @@ func main() {
 	}

 	// Track if sybil control is enforced
-	if !Config.EnableStaking {
+	if !Config.EnableStaking && Config.EnableP2PTLS {
+		log.Warn("Staking is disabled. Sybil control is not enforced.")
+	}
+	if !Config.EnableStaking && !Config.EnableP2PTLS {
 		log.Warn("Staking and p2p encryption are disabled. Packet spoofing is possible.")
 	}

--- a/main/params.go
+++ b/main/params.go
@ -50,7 +50,8 @@ var (
 )

 var (
-	errBootstrapMismatch = errors.New("more bootstrap IDs provided than bootstrap IPs")
+	errBootstrapMismatch  = errors.New("more bootstrap IDs provided than bootstrap IPs")
+	errStakingRequiresTLS = errors.New("if staking is enabled, network TLS must also be enabled")
 )

 // GetIPs returns the default IPs for each network
@ -201,7 +202,9 @@ func init() {

 	// Staking:
 	consensusPort := fs.Uint("staking-port", 9651, "Port of the consensus server")
-	fs.BoolVar(&Config.EnableStaking, "staking-tls-enabled", true, "Require TLS to authenticate staking connections")
+	// TODO - keeping same flag for backwards compatibility, should be changed to "staking-enabled"
+	fs.BoolVar(&Config.EnableStaking, "staking-tls-enabled", true, "Enable staking. If enabled, Network TLS is required.")
+	fs.BoolVar(&Config.EnableP2PTLS, "p2p-tls-enabled", true, "Require TLS to authenticate network communication")
 	fs.StringVar(&Config.StakingKeyFile, "staking-tls-key-file", defaultStakingKeyPath, "TLS private key for staking")
 	fs.StringVar(&Config.StakingCertFile, "staking-tls-cert-file", defaultStakingCertPath, "TLS certificate for staking")

@ -327,7 +330,13 @@ func init() {
 			*bootstrapIDs = strings.Join(defaultBootstrapIDs, ",")
 		}
 	}
-	if Config.EnableStaking {
+
+	if Config.EnableStaking && !Config.EnableP2PTLS {
+		errs.Add(errStakingRequiresTLS)
+		return
+	}
+
+	if Config.EnableP2PTLS {
 		i := 0
 		cb58 := formatting.CB58{}
 		for _, id := range strings.Split(*bootstrapIDs, ",") {
--- a/node/config.go
+++ b/node/config.go
@ -34,6 +34,7 @@ type Config struct {

 	// Staking configuration
 	StakingIP       utils.IPDesc
+	EnableP2PTLS    bool
 	EnableStaking   bool
 	StakingKeyFile  string
 	StakingCertFile string
--- a/node/node.go
+++ b/node/node.go
@ -119,7 +119,7 @@ func (n *Node) initNetworking() error {
 	dialer := network.NewDialer(TCP)

 	var serverUpgrader, clientUpgrader network.Upgrader
-	if n.Config.EnableStaking {
+	if n.Config.EnableP2PTLS {
 		cert, err := tls.LoadX509KeyPair(n.Config.StakingCertFile, n.Config.StakingKeyFile)
 		if err != nil {
 			return err
@ -253,7 +253,7 @@ func (n *Node) initDatabase() error {
 // Otherwise, it is a hash of the TLS certificate that this node
 // uses for P2P communication
 func (n *Node) initNodeID() error {
-	if !n.Config.EnableStaking {
+	if !n.Config.EnableP2PTLS {
 		n.ID = ids.NewShortID(hashing.ComputeHash160Array([]byte(n.Config.StakingIP.String())))
 		n.Log.Info("Set the node's ID to %s", n.ID)
 		return nil